[BESAdmin-Announcements] BigFix Compliance: Updated CIS Checklist for Windows 11 with bug fixes, published 2025-02-11

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Feb 12 05:05:31 PST 2025 

Product:
BigFix Compliance

Title:
Updated CIS Checklist for Windows 11 with bug fixes


Security Benchmark:

CIS Microsoft Windows 11 Enterprise Benchmark, V3.0.0

Published Sites:
CIS Checklist for Windows 11, site version 10
(The site version is provided for air-gap customers.)

Details:

Fixed and Improved implementation for the following check:

   -

   Ensure 'Allow auditing events in Microsoft Defender Application Guard'
   is set to 'Enabled'
   -

   Ensure 'Allow camera and microphone access in Microsoft Defender
   Application Guard' is set to 'Disabled'
   -

   Ensure 'Allow data persistence for Microsoft Defender Application Guard'
   is set to 'Disabled'
   -

   Ensure 'Allow files to download and save to the host operating system
   from Microsoft Defender Application Guard' is set to 'Disabled'
   -

   Ensure 'Configure Microsoft Defender Application Guard clipboard
   settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard
   operation from an isolated session to the host'
   -

   Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is
   set to 'Enabled: 1'
   -

   Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'
   -

   Ensure 'Turn On Virtualization Based Security: Credential Guard
   Configuration' is set to 'Enabled with UEFI lock'
   -

   Ensure 'Turn On Virtualization Based Security: Kernel-mode
   Hardware-enforced Stack Protection' is set to 'Enabled: Enabled in
   enforcement mode'
   -

   Ensure 'Turn On Virtualization Based Security: Require UEFI Memory
   Attributes Table' is set to 'True (checked)'
   -

   Ensure 'Turn On Virtualization Based Security: Secure Launch
   Configuration' is set to 'Enabled'
   -

   Ensure 'Turn On Virtualization Based Security: Select Platform Security
   Level' is set to 'Secure Boot' or higher
   -

   Ensure 'Turn On Virtualization Based Security: Virtualization Based
   Protection of Code Integrity' is set to 'Enabled with UEFI lock'

Actions to take:

   -

   To subscribe to the above site, you can use the License Overview
   Dashboard to enable and gather the site. Note that you must be entitled to
   the BigFix Compliance product and you must be using BigFix version 9.5 and
   later.
   -

   If you use custom sites, update your custom sites accordingly to use the
   latest content. You can synchronize your content by using the Synchronize
   Custom Checks wizard. For more information, see
   https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fcompliance%2FCompliance%2FSCM_Users_Guide%2Fc_using_synchronize_custom_checks_wiz.html&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=KIEcA%2B8alhcOTNhoNtuPAhcQ2w%2FURNERu8OaaxxiNB4%3D&reserved=0>


More information:
To know more about the BigFix Compliance SCM checklists, please see the
following resources:

   -

   BigFix Forum:
   https://forum.bigfix.com/c/release-announcements/compliance
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforum.bigfix.com%2Fc%2Frelease-announcements%2Fcompliance&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UYYRYb3SofshREYync5mCc2d5MUGb53t7OjOCBg%2BoJg%3D&reserved=0>
   -

   BigFix Compliance SCM Checklists:

   https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
   <https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbigfix-wiki.hcltechsw.com%2Fwikis%2Fhome%3Flang%3Denus%23!%2Fwiki%2FBigFix%2520Wiki%2Fpage%2FSCM%2520Checklists&data=05%7C01%7CBigFix-Scrum-Earth%40hcl.com%7C850b19aead5a47f24eb308da841ed642%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637967565224681222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sJEji05sRie522iksNIya8RoKSDGBtgSCKlAzsF0N%2Fo%3D&reserved=0>


We hope you find this latest release of SCM content useful and effective.
Thank you!

– The BigFix Compliance team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250212/930d3969/attachment.html>

More information about the Besadmin-announcements mailing list